Home » Cisco Manuals » Telephony » Cisco 7970G » Manual Viewer

Cisco 7970G Administration Guide - Page 41

Overview, Required Network Components

UPC - 746320926292

Add to My Manuals
Save this manual to your list of manuals

Page 41 highlights

Chapter 1 An Overview of the Cisco Unified IP Phone Understanding Security Features for Cisco Unified IP Phones • Overview, page 1-23 • Required Network Components, page 1-23 • Best Practices-Requirements and Recommendations, page 1-24 Overview Cisco Unified IP phones and Cisco Catalyst switches have traditionally used Cisco Discovery Protocol (CDP) to identify each other and to determine parameters such as VLAN allocation and inline power requirements. However, CDP is not used to identify any locally attached PCs. Therefore, Cisco Unified IP Phones provide an EAPOL pass-through mechanism, whereby a PC locally attached to the IP phone may pass through EAPOL messages to the 802.1X authenticator in the LAN switch. This capability prevents the IP phone from having to act as the authenticator, yet allows the LAN switch to authenticate a data end point prior to accessing the network. In conjunction with the EAPOL pass-through mechanism, Cisco Unified IP Phones provide a proxy EAPOL-Logoff mechanism. If the locally attached PC is disconnected from the IP phone, the LAN switch would not see the physical link fail, because the link between the LAN switch and the IP phone is maintained. To avoid compromising network integrity, the IP phone sends an EAPOL-Logoff message to the switch on behalf of the downstream PC, which triggers the LAN switch to clear the authentication entry for the downstream PC. The Cisco Unified IP phones contain an 802.1X supplicant in addition to the EAPOL pass-through mechanism. This supplicant allows network administrators to control the connectivity of IP phones to the LAN switch ports. The IP phone 802.1X supplicant implements the EAP-MD5 option for 802.1X authentication. Required Network Components Support for 802.1X authentication on Cisco Unified IP Phones requires several components, including: • Cisco Unified IP Phone-The phone acts as the 802.1X supplicant, which initiates the request to access the network. • Cisco Secure Access Control Server (ACS) (or other third-party authentication server)-The authentication server and the phone must both be configured with a shared secret that is used to authenticate the phone. Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 6.1 OL-14626-01 1-23

Section	Page
Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 6.1 (SCCP and SIP)	1
Contents	5
Preface	13
An Overview of the Cisco Unified IP Phone	19
Understanding the Cisco Unified IP Phone 7970 Series	20
What Networking Protocols Are Used?	22
What Features are Supported on the Cisco Unified IP Phone 7970 Series?	27
Feature Overview	28
Configuring Telephony Features	29
Configuring Network Parameters Using the Cisco Unified IP Phone	29
Providing Users with Feature Information	30
Understanding Security Features for Cisco Unified IP Phones	30
Overview of Supported Security Features	33
Understanding Security Profiles	37
Identifying Encrypted and Authenticated Phone Calls	37
Establishing and Identifying Secure Conference Calls	38
Call Security Interactions and Restrictions	39
Supporting 802.1X Authentication on Cisco Unified IP Phones	40
Overview	41
Required Network Components	41
Best Practices-Requirements and Recommendations	42
Security Restrictions	43
Overview of Configuring and Installing Cisco Unified IP Phones	44
Configuring Cisco Unified IP Phones in Cisco Unified Communications Manager	44
Checklist for Configuring the Cisco Unified IP Phone 7970 Series in Cisco Unified Communications Manager	45
Installing Cisco Unified IP Phones	49
Checklist for Installing the Cisco Unified IP Phone 7970 Series	50
Preparing to Install the Cisco Unified IP Phone on Your Network	53
Understanding Interactions with Other Cisco Unified IP Communications Products	54
Understanding How the Cisco Unified IP Phone Interacts with Cisco Unified Communications Manager	54
Understanding How the Cisco Unified IP Phone Interacts with the VLAN	55
Providing Power to the Phone	56
Power Guidelines	57
Phone Power Consumption and Display Brightness	58
Power Outage	59
Obtaining Additional Information about Power	59
Understanding Phone Configuration Files	60
Understanding the Phone Startup Process	62
Adding Phones to the Cisco Unified Communications Manager Database	65
Adding Phones with Auto-Registration	66
Adding Phones with Auto-Registration and TAPS	67
Adding Phones with Cisco Unified Communications Manager Administration	68
Adding Phones with BAT	69
Using Cisco Unified IP Phones with Different Protocols	70
Converting a New Phone from SCCP to SIP	70
Converting an In-Use Phone from SCCP to SIP	71
Converting an In-Use Phone from SIP to SCCP	71
Deploying a Phone in an SCCP and SIP Environment	72
Determining the MAC Address of a Cisco Unified IP Phone	72
Setting Up the Cisco Unified IP Phone	73
Before You Begin	74
Network Requirements	74
Cisco Unified Communications Manager Configuration	74
Understanding the Cisco Unified IP Phone 7970 Series Components	75
Network and Access Ports	75
Handset	76
Speakerphone	76
Headset	77
Audio Quality Subjective to the User	77
Connecting a Headset	78
Disabling a Headset	78
Using External Devices with Your Cisco Unified IP Phone	78
Installing the Cisco Unified IP Phone	79
Attaching the Cisco Unified IP Phone Expansion Module 7914 (SCCP Phones Only)	82
Adjusting the Placement of the Cisco Unified IP Phone	84
Adjusting Cisco Unified IP Phone Footstand and Phone Height	84
Securing the Phone with a Cable Lock	84
Mounting the Phone to the Wall	86
Verifying the Phone Startup Process	87
Configuring Startup Network Settings	89
Configuring Security on the Cisco Unified IP Phone	89
Configuring Settings on the Cisco Unified IP Phone	93
Configuration Menus on the Cisco Unified IP Phone 7970 Series	93
Displaying a Configuration Menu	95
Unlocking and Locking Options	96
Editing Values	97
Overview of Options Configurable from a Phone	98
Network Configuration Menu	99
Device Configuration Menu	108
CallManager Configuration Menu	108
SIP Configuration Menu (SIP Phones Only)	111
SIP General Configuration Menu	111
Line Settings Menu	113
Call Preferences Menu	114
HTTP Configuration Menu	116
Locale Configuration Menu	117
NTP Configuration Menu (SIP Phones Only)	118
UI Configuration Menu	119
Media Configuration Menu	122
Power Save Configuration Menu	128
Ethernet Configuration Menu	129
Security Configuration Menu	130
QoS Configuration Menu	132
Network Configuration	133
Security Configuration Menu	138
CTL File Menu	140
Trust List Menu	142
802.1X Authentication and Status	143
Configuring Features, Templates, Services, and Users	147
Telephony Features Available for the Phone	148
Configuring Corporate and Personal Directories	170
Configuring Corporate Directories	170
Configuring Personal Directory	170
Modifying Phone Button Templates	171
Configuring Softkey Templates	172
Setting Up Services	173
Adding Users to Cisco Unified Communications Manager	173
Managing the User Options Web Pages	174
Giving Users Access to the User Options Web Pages	174
Specifying Options that Appear on the User Options Web Pages	175
Customizing the Cisco Unified IP Phone	177
Customizing and Modifying Configuration Files	177
Creating Custom Phone Rings	178
Ringlist.xml File Format Requirements	179
PCM File Requirements for Custom Ring Types	180
Configuring a Custom Phone Ring	180
Creating Custom Background Images	181
List.xml File Format Requirements	181
PNG File Requirements for Custom Background Images	182
Configuring a Custom Background Image	183
Configuring Wideband Codec	185
Configuring the Idle Display	185
Automatically Disabling the Cisco Unified IP Phone Touchscreen	187
Viewing Model Information, Status, and Statistics on the Cisco Unified IP Phone	191
Model Information Screen	192
Status Menu	193
Status Messages Screen	194
Network Statistics Screen	204
Firmware Versions Screen	206
Expansion Module(s) Screen (SCCP Phones Only)	207
Call Statistics Screen	208
Monitoring the Cisco Unified IP Phone Remotely	213
Accessing the Web Page for a Phone	214
Disabling and Enabling Web Page Access	215
Device Information	216
Network Configuration	218
Network Statistics	223
Device Logs	227
Streaming Statistics	227
Troubleshooting and Maintenance	235
Resolving Startup Problems	236
Symptom: The Cisco Unified IP Phone Does Not Go Through its Normal Startup Process	236
Symptom: The Cisco Unified IP Phone Does Not Register with Cisco Unified Communications Manager	237
Identifying Error Messages	238
Checking Network Connectivity	238
Verifying TFTP Server Settings	238
Verifying IP Addressing and Routing	239
Verifying DNS Settings	239
Verifying Cisco Unified Communications Manager Settings	239
Cisco Unified Communications Manager and TFTP Services Are Not Running	240
Creating a New Configuration File	241
Registering the Phone with Cisco Unified Communications Manager	242
Symptom: Cisco Unified IP Phone Unable to Obtain IP Address	242
Cisco Unified IP Phone Resets Unexpectedly	242
Verifying Physical Connection	243
Identifying Intermittent Network Outages	243
Verifying DHCP Settings	243
Checking Static IP Address Settings	244
Verifying Voice VLAN Configuration	244
Verifying that the Phones Have Not Been Intentionally Reset	244
Eliminating DNS or Other Connectivity Errors	245
Checking Power Connection	246
Troubleshooting Cisco Unified IP Phone Security	246
General Troubleshooting Tips	249
General Troubleshooting Tips for the Cisco Unified IP Phone Expansion Module 7914 (SCCP Phones Only)	253
Resetting or Restoring the Cisco Unified IP Phone	253
Performing a Basic Reset	254
Performing a Factory Reset	255
Using the Quality Report Tool	256
Monitoring the Voice Quality of Calls	256
Using Voice Quality Metrics	257
Troubleshooting Tips	258
Where to Go for More Troubleshooting Information	260
Cleaning the Cisco Unified IP Phone	260
Providing Information to Users Via a Website	261
How Users Obtain Support for the Cisco Unified IP Phone	262
Giving Users Access to the User Options Web Pages	262
How Users Access the Online Help System on the Phone	262
How Users Get Copies of Cisco Unified IP Phone Manuals	263
Accessing Cisco 7900 Series Unified IP Phone eLearning Tutorials (SCCP Phones Only)	264
How Users Subscribe to Services and Configure Phone Features	264
How Users Access a Voice-Messaging System	265
How Users Configure Personal Directory Entries	266
Installing and Configuring the Cisco Unified IP Phone Address Book Synchronizer	266
Feature Support by Protocol for the Cisco Unified IP Phones 7970 Series	269
Supporting International Users	277
Adding Language Overlays to Phone Buttons	277
Installing the Cisco Unified Communications Manager Locale Installer	278
Technical Specifications	279
Physical and Operating Environment Specifications	279
Cable Specifications	280
Network and Access Port Pinouts	281

Match case Limit results 1 per page

1-23

Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 6.1

OL-14626-01

Chapter 1

An Overview of the Cisco Unified IP Phone

Understanding Security Features for Cisco Unified IP Phones

•

Overview, page 1-23

•

Required Network Components, page 1-23

•

Best Practices—Requirements and Recommendations, page 1-24

Overview

Cisco Unified IP phones and Cisco Catalyst switches have traditionally used

Cisco Discovery Protocol (CDP) to identify each other and to determine

parameters such as VLAN allocation and inline power requirements. However,

CDP is not used to identify any locally attached PCs. Therefore, Cisco Unified IP

Phones provide an EAPOL pass-through mechanism, whereby a PC locally

attached to the IP phone may pass through EAPOL messages to the 802.1X

authenticator in the LAN switch. This capability prevents the IP phone from

having to act as the authenticator, yet allows the LAN switch to authenticate a

data end point prior to accessing the network.

In conjunction with the EAPOL pass-through mechanism, Cisco Unified IP

Phones provide a proxy EAPOL-Logoff mechanism. If the locally attached PC is

disconnected from the IP phone, the LAN switch would not see the physical link

fail, because the link between the LAN switch and the IP phone is maintained. To

avoid compromising network integrity, the IP phone sends an EAPOL-Logoff

message to the switch on behalf of the downstream PC, which triggers the LAN

switch to clear the authentication entry for the downstream PC.

The Cisco Unified IP phones contain an 802.1X supplicant in addition to the

EAPOL pass-through mechanism. This supplicant allows network administrators

to control the connectivity of IP phones to the LAN switch ports. The IP phone

802.1X supplicant implements the EAP-MD5 option for 802.1X authentication.

Required Network Components

Support for 802.1X authentication on Cisco Unified IP Phones requires several

components, including:

•

Cisco Unified IP Phone—The phone acts as the 802.1X supplicant, which

initiates the request to access the network.

•

Cisco Secure Access Control Server (ACS) (or other third-party

authentication server)—The authentication server and the phone must both be

configured with a shared secret that is used to authenticate the phone.